Skip to main content

Uber officially discloses data breach that affected 57M users after concealing it for a year

Uber today has officially disclosed a massive data breach that affected some 57 million users. As noted in a report from Bloomberg, the breach originally occurred in October of 2016, with Uber working to conceal it for a year…

Of the 57 million affected users, 50 million were riders and the other 7 million drivers. The leaked information included names, email addresses, and phone numbers. Additionally, the license numbers of 600,000 drivers were exposed during the breach. Uber says no Social Security numbers or location data was involved.

Travis Kalanick, Uber co-founder and former CEO, was made aware of the breach in November 2016. Around that same time, the company was in the midst of settling issues with both the New York attorney general and the FTC over the handling of the customer data. Thus, instead of properly disclosing the breach, which it was under legal obligation to do, Uber paid the hackers $100,000 to delete the data and stay quiet.

Uber’s new CEO, Dara Khosrowshahi, responded to the news of the hack today and said “none of this should have happened” and reiterated Uber’s efforts to change how it does business.

“None of this should have happened, and I will not make excuses for it. We are changing the way we do business. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said in the emailed statement.

Bloomberg explains that the hackers were able to access a private GitHub site used by software engineers at Uber, and used login credentials found there to access additional data stored on an Amazon Web Services account:

Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information.

Under Khosrowshahi, Uber has been working to restore its reputation after a series of missteps with previous leadership. Uber has faced scrutiny for its location sharing habits on iOS and other privacy concerns. Most recently, the company launched a new Barclays-backed credit card in an effort to increase trustworthiness.


Subscribe to 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications